db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Van Couvering <da...@vancouvering.com>
Subject Re: [jira] Commented: (DERBY-2109) System privileges
Date Thu, 14 Dec 2006 19:57:24 GMT


Rick Hillegas (JIRA) wrote:
> 
> 2) Unfamiliar api. Oracle, DB2, Postgres, and MySQL all handle system privileges in different
ways. Picking one of these models would still result in an api that's unfamiliar to many people.
That said, these databases do tend to use GRANT/REVOKE for system privileges, albeit each
in its own peculiar fashion. I agree that GRANT/REVOKE is an easier model to learn than Java
Security. I think however, that the complexity of Java Security is borne by the derby-dev
developer, not by the customer. Creating a policy file is very easy and our user documentation
gives simple examples which the naive user can just crib. With adequate user documentation,
I think this approach would be straightforward for the customer.

I must respectfully disagree that "creating a policy file is very easy." 
  I think it's a royal PITA - the syntax is complex, nonintuitive and 
unforgiving.

Can we provide a GRANT/REVOKE interface on top of an implementation that 
  uses JAAS?


Mime
View raw message